Changed PBKDF2 hash from SHA512 to SHA256 (according to Crypt4GH spec…

…ification)
neicnordic · Dec 20, 2024 · 6d7085f · 6d7085f
1 parent 35584b2
commit 6d7085f
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 6 deletions.
diff --git a/kdf/kdf.go b/kdf/kdf.go
@@ -2,7 +2,7 @@
 package kdf
 
 import (
-	"crypto/sha512"
+	"crypto/sha256"
 
 	// package is old but corresponds to "golang.org/x/crypto/ssh/internal/bcrypt_pbkdf"
 	"github.com/dchest/bcrypt_pbkdf"
@@ -15,7 +15,7 @@ import (
 var KDFS = map[string]KDF{
 	"scrypt":             sCrypt{},
 	"bcrypt":             bCrypt{},
-	"pbkdf2_hmac_sha256": pbkdf2sha512{},
+	"pbkdf2_hmac_sha256": pbkdf2sha256{},
 }
 
 // KDF interface holding "Derive" method.
@@ -37,9 +37,9 @@ func (bCrypt) Derive(rounds int, password, salt []byte) (derivedKey []byte, err
 	return bcrypt_pbkdf.Key(password, salt, rounds, chacha20poly1305.KeySize)
 }
 
-type pbkdf2sha512 struct {
+type pbkdf2sha256 struct {
 }
 
-func (pbkdf2sha512) Derive(rounds int, password, salt []byte) (derivedKey []byte, err error) {
-	return pbkdf2.Key(password, salt, rounds, chacha20poly1305.KeySize, sha512.New), nil
+func (pbkdf2sha256) Derive(rounds int, password, salt []byte) (derivedKey []byte, err error) {
+	return pbkdf2.Key(password, salt, rounds, chacha20poly1305.KeySize, sha256.New), nil
 }
diff --git a/kdf/kdf_test.go b/kdf/kdf_test.go
@@ -20,7 +20,7 @@ func TestKDF(t *testing.T) {
 		},
 		{
 			name: "pbkdf2_hmac_sha256",
-			hash: "72bf7d2b4d1f18c97a333e3a89e7f22dc9771b968ddcbc1a494fbbf507059b13",
+			hash: "dd3352defb9aa734875f7a32b60e4bcf9e3671216d6e0c39f135f0297bf8e121",
 		},
 	}
 	for _, test := range tests {